MacOS No Longer Allowing You to SSH to Older Devices?

If you are seeing error messages like:

Unable to negotiate with "xxx" port "xxx": no matching cipher found. Their offer: aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se

You can either upgrade the SSH server so that it supports newer, more secure algorithms, or you can enable these older ciphers on your Mac by performing the following:

sudo nano /etc/ssh/ssh_config

Find the commented-out Ciphers line and remove the leading # to uncomment these disabled ciphers:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

Another option is to edit the per-user SSH configuration file like this:

nano ~/.ssh/config

Host *
    SendEnv LANG LC_*
    Ciphers +aes256-cbc
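
The Host * block above turns the legacy cipher on for every server you connect to. The following added example (not part of the original post) instead builds a stanza for the one old device, choosing a single cipher that appears both in the "Their offer" list and in the client's own list; the function names, the host name old-switch.example and the preference order are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: enable ONE legacy cipher
# for ONE host instead of for "Host *".

# Assumed preference order for this example: AES-CBC first, 3DES-CBC last.
PREFERENCE="aes256-cbc aes192-cbc aes128-cbc 3des-cbc"

# pick_cipher OFFER SUPPORTED
#   OFFER:     comma-separated "Their offer" list from the error message
#   SUPPORTED: newline-separated client list, e.g. output of `ssh -Q cipher`
# Prints the first cipher in PREFERENCE that both sides have; fails if none.
pick_cipher() {
    offer=$(printf '%s' "$1" | tr -d ' ' | tr ',' '\n')
    for c in $PREFERENCE; do
        if printf '%s\n' "$offer" | grep -qxF "$c" &&
           printf '%s\n' "$2" | grep -qxF "$c"; then
            printf '%s\n' "$c"
            return 0
        fi
    done
    return 1
}

# host_stanza HOST OFFER SUPPORTED
# Prints a ~/.ssh/config stanza that adds the chosen cipher for HOST only.
host_stanza() {
    cipher=$(pick_cipher "$2" "$3") || {
        echo "no common cipher for $1" >&2
        return 1
    }
    printf 'Host %s\n    Ciphers +%s\n' "$1" "$cipher"
}

# Constructed sample input: a server offer list and a stand-in for the
# client's `ssh -Q cipher` output. The host name is hypothetical.
SAMPLE_OFFER="aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc"
SAMPLE_SUPPORTED="3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes256-ctr"

host_stanza old-switch.example "$SAMPLE_OFFER" "$SAMPLE_SUPPORTED"
```

On a real machine, pass "$(ssh -Q cipher)" as the third argument and paste the printed stanza into ~/.ssh/config above any Host * block.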

Quickly compare files over SSH using diff

I maintain several Linux servers that provide DNS, web, system monitoring, syslog, and config file archival. These servers have been loyal workhorses that seldom need much care and feeding other than periodic software updates. Over the past several years my confidence and experience with Linux has grown and I’ve attempted to make notes of useful commands that I don’t use very often.

I came across one of these useful commands today and decided to make a simple blog entry if for no other reason than to help remind myself of the syntax.

Nearly every Linux system has the “diff” application available. This application points out the differences (hence the name “diff”) between the input files. I’ve used this command many times to compare files on the same server, but today I wanted to compare two files that were located on different servers. To accomplish this remote file diff operation you can simply use the ssh command and pipe the results to the diff command as follows:

ssh {remote host} cat {remote file path} | diff {local file path} -

Here’s an example filling in the blanks with actual data:

ssh cat /etc/named.conf | diff /etc/named.conf -

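Note the trailing - (hyphen) at the end. That is not a typo: it tells diff to read its second input from standard input, which here is the remote file's contents arriving through the pipe.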